Re: loopback device

From: Craig Van Tassle (craig@ambrosa.dns04.com)
Date: 01/17/02


Date: Thu, 17 Jan 2002 14:18:12 -0600
From: Craig Van Tassle <craig@ambrosa.dns04.com>
To: leon <leon@inyc.com>


Ok The port was a typeo. but do you think that my computer could be compromised or this could just be a mis-configuration on my computer or a atempt at a hack?How is it that my computer is catcheing this loopback traffic? could someone be bouncing off my computer or what?

Thanks
Craig
 
On Thu, Jan 17, 2002 at 02:11:15PM -0500, leon wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What do you mean by what program is running on this port? I am not
> sure if you consider the loop back address a port as much as what it
> is (ie; a loopback address). I don't know if you can bind running
> process to the loopback addy. Even if you possibly could, an
> attacker never would because you would be unable to route traffic to
> it.
>
> HTH,
>
> Leon
>
> - -----Original Message-----
> From: Craig Van Tassle [mailto:craig@ambrosa.dns04.com]
> Sent: Tuesday, January 15, 2002 2:35 PM
> To: secuirty-basics
> Subject: Re: loopback device
>
> My loop back is supposed to be 127.0.0.1.. at least that is what my
> ifconfig shows me.. and i have no idea what program is running on
> that port.
> Do you think that i could have a possible intrusin?
>
> Thanks
> Craig
>
> On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote:
> > No, you can't bypass the firewall using the loopback interface.
> > Whats interesting though is the IP address they're using... usually
> > loopback is 127.0.0.1 and the port number, 5460 isn't assigned to
> > anyone so what program is running?
> >
> > -----Original Message-----
> > From: Craig Van Tassle [mailto:craig@ambrosa.dns04.com]
> > Sent: Monday, January 14, 2002 8:48 AM
> > To: secuirty-basics
> > Subject: loopback device
> >
> >
> > Is it possible for someone over a network to use my loopback to by
> > pass my firewall? If so what can i do to mitigate the problem and
> > how damageing can it be?
> >
> > The reason im asking is my Snort sytem is showing badd loopback
> > traffic.. thanks
> >
> > here is a snipit from my snort logs.
> >
> > [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
> > [Classification: Potentially Bad Traffic] [Priority: 2]
> > 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
> > TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
> > ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20
> >
> > Thanks
> > Craig
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPEchztqAgf0xoaEuEQJ4TACfeH/voSSUxDHrssH2yxJzHMZwmBcAnAlF
> 0A9v/M5EMTD2QQeYsszeN2Dq
> =tCcQ
> -----END PGP SIGNATURE-----
>






Relevant Pages

  • Re: Sockets, port and loop-back ?
    ... You mean the loopback network interface? ... > In the case that my in & out to the network is via my serial port ...
    (comp.os.linux.networking)
  • Re: SendMail sending garbage mails
    ... machine and blocked incoming packtes for other ports ... except 25 port and 110 ... but not blocked loopback do u feel this problem is ...
    (RedHat)
  • Re: TCP connection to MAC address
    ... All it is doing is emulating the loopback address by setting a default IP, and hitting it on a specific port as a sort of "secret knock" to unlocking the web interface to the configuration manager. ... Perhaps is should have posted in a networking group? ... For remotely configuring it, I would definitely use a specific address on your range in the event that you will be simultaneously configuring multiple of these devices on the same network. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: BizTalk 2004 :: HTTP req-resp :: loopback checkbox with slow performance
    ... The Loopback option allows you do execute maps/pipelines and get a response ... with no send port or orchestration subscription present - it isn't related ... Have you considered a one-way receive port? ...
    (microsoft.public.biztalk.general)
  • Re: TCP connection to MAC address
    ... All it is doing is emulating the loopback address by setting a default IP, and hitting it on a specific port as a sort of "secret knock" to unlocking the web interface to the configuration manager. ... I don't follow how it would help if my device supported the loopback interface. ... My only question is whether there is a method to add the static arp entry from code, or would I have to do it through a shell command? ...
    (microsoft.public.dotnet.languages.csharp)